From 8e19c9f776431f104267a6ad17bcb7292d3c8d1d Mon Sep 17 00:00:00 2001 From: Igor Novgorodov Date: Tue, 5 Nov 2024 17:52:48 +0100 Subject: [PATCH] factor out stuff to ic-bn-lib --- .gitignore | 2 + Cargo.lock | 446 +++++++++++++++++++++++++++++++++--------- Cargo.toml | 141 +++++++------ src/cli.rs | 182 ++--------------- src/core.rs | 28 ++- src/metrics/mod.rs | 13 +- src/metrics/runner.rs | 33 +--- src/routing/mod.rs | 2 +- src/tls/mod.rs | 58 +----- 9 files changed, 460 insertions(+), 445 deletions(-) diff --git a/.gitignore b/.gitignore index ff8c4a6..dcf67f1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +.idea + # Generated by Cargo # will have compiled files and executables debug/ diff --git a/Cargo.lock b/Cargo.lock index e0dfcae..258314e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -151,9 +151,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.91" +version = "1.0.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c042108f3ed77fd83760a5fd79b53be043192bb3b9dba91d8c574c0ada7850c8" +checksum = "74f37166d7d48a0284b99dd824694c26119c700b53bf0d1540cdb147dbdaaf13" [[package]] name = "arc-swap" @@ -206,7 +206,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", "synstructure", ] @@ -218,7 +218,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -322,7 +322,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -339,7 +339,7 @@ checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] 
@@ -554,7 +554,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.85", + "syn 2.0.87", "which", ] @@ -795,7 +795,7 @@ dependencies = [ "lazy_static", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -967,7 +967,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -978,9 +978,9 @@ checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" [[package]] name = "clickhouse" -version = "0.12.2" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3093f817c4f81c8bd174ed8dd30eac785821a8a7eef27a7dcb7f8cd0d0f6548" +checksum = "2135bb9638e8c8c1e3d794f242099e57987059ba52e7e3de597e1d99b2c4a5a3" dependencies = [ "bstr", "bytes", @@ -995,6 +995,7 @@ dependencies = [ "lz4_flex", "quanta", "replace_with", + "rustls 0.23.16", "sealed", "serde", "static_assertions", @@ -1014,7 +1015,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1323,7 +1324,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1345,7 +1346,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ "darling_core 0.20.10", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1404,13 +1405,13 @@ dependencies = [ [[package]] name = "derive-new" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d150dea618e920167e5973d70ae6ece4385b7164e0d799fe7c122dd0a5d912ad" +checksum = "2cdc8d50f426189eef89dac62fabfa0abb27d5cc008f25bf4156a0203325becc" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1463,7 +1464,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] 
@@ -1566,7 +1567,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1665,9 +1666,9 @@ dependencies = [ [[package]] name = "fqdn" -version = "0.3.12" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb540cf7bc4fe6df9d8f7f0c974cfd0dce8ed4e9e8884e73433b503ee78b4e7d" +checksum = "5eeee501d87b436020fcd3065cc981b5e4d22f2066735268b36b9d513d23e553" [[package]] name = "fragile" @@ -1756,7 +1757,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -1766,7 +1767,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f2f12607f92c69b12ed746fabf9ca4f5c482cba46679c1a75b874ed7c26adb" dependencies = [ "futures-io", - "rustls 0.23.15", + "rustls 0.23.16", "rustls-pki-types", ] @@ -2259,8 +2260,7 @@ dependencies = [ "http 1.1.0", "hyper 1.5.0", "hyper-util", - "log", - "rustls 0.23.15", + "rustls 0.23.16", "rustls-native-certs 0.8.0", "rustls-pki-types", "tokio", @@ -2284,9 +2284,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.9" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41296eb09f183ac68eec06e03cdbea2e759633d4067b2f6552fc2e009bcad08b" +checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4" dependencies = [ "bytes", "futures-channel", @@ -2350,7 +2350,7 @@ dependencies = [ "pkcs8", "rand", "rangemap", - "reqwest 0.12.8", + "reqwest 0.12.9", "ring 0.17.8", "rustls-webpki 0.102.8", "sec1", 
@@ -2372,7 +2372,7 @@ dependencies = [ [[package]] name = "ic-bn-lib" version = "0.1.0" -source = "git+https://github.com/dfinity/ic-bn-lib?rev=1aa781275cd958f6148f6ea6a5630f73ab7b2d57#1aa781275cd958f6148f6ea6a5630f73ab7b2d57" +source = "git+https://github.com/dfinity/ic-bn-lib?rev=526d34d15cfbf369d8baf2dae9932aa18d570a1d#526d34d15cfbf369d8baf2dae9932aa18d570a1d" dependencies = [ "ahash", "anyhow", @@ -2401,16 +2401,19 @@ dependencies = [ "instant-acme", "mockall", "moka", + "parse-size", "prometheus", "prost", "prost-types", "rand", "rcgen", - "reqwest 0.12.8", - "rustls 0.23.15", + "reqwest 0.12.9", + "rustls 0.23.16", "rustls-acme", "rustls-pemfile 2.2.0", + "rustls-platform-verifier", "scopeguard", + "serde", "serde_json", "sha1", "strum", @@ -2428,6 +2431,7 @@ dependencies = [ "url", "uuid", "vrl", + "webpki-root-certs", "x509-parser", "zeroize", ] @@ -2523,12 +2527,11 @@ dependencies = [ "moka", "ocsp-stapler", "once_cell", - "parse-size", "prometheus", "rand", "regex", - "reqwest 0.12.8", - "rustls 0.23.15", + "reqwest 0.12.9", + "rustls 0.23.16", "rustls-platform-verifier", "serde", "serde_cbor", @@ -2542,7 +2545,7 @@ dependencies = [ "time", "tokio", "tokio-util", - "tower 0.4.13", + "tower 0.5.1", "tower-http", "tower-service", "tower_governor", 
@@ -2703,6 +2706,124 @@ dependencies = [ "thiserror", ] +[[package]] +name = "icu_collections" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locid" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_locid_transform" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_locid_transform_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_locid_transform_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" + +[[package]] +name = "icu_normalizer" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "utf16_iter", + "utf8_iter", + "write16", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" + +[[package]] +name = "icu_properties" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" +dependencies = [ 
+ "displaydoc", + "icu_collections", + "icu_locid_transform", + "icu_properties_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" + +[[package]] +name = "icu_provider" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_provider_macros", + "stable_deref_trait", + "tinystr", + "writeable", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_provider_macros" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.87", +] + [[package]] name = "ident_case" version = "1.0.1" @@ -2721,12 +2842,23 @@ dependencies = [ [[package]] name = "idna" -version = "0.5.0" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" dependencies = [ - "unicode-bidi", - "unicode-normalization", + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" +dependencies = [ + "icu_normalizer", + "icu_properties", ] [[package]] 
@@ -3037,6 +3169,12 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" +[[package]] +name = "litemap" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704" + [[package]] name = "lock_api" version = "0.4.12" @@ -3163,14 +3301,13 @@ checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" [[package]] name = "mockall" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43766c2b5203b10de348ffe19f7e54564b64f3d6018ff7648d1e2d6d3a0f0a48" +checksum = "d4c28b3fb6d753d28c20e826cd46ee611fda1cf3cde03a443a974043247c065a" dependencies = [ "cfg-if", "downcast", "fragile", - "lazy_static", "mockall_derive", "predicates", "predicates-tree", @@ -3178,14 +3315,14 @@ dependencies = [ [[package]] name = "mockall_derive" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af7cbce79ec385a1d4f54baa90a76401eb15d9cab93685f62e7e9f942aa00ae2" +checksum = "341014e7f530314e9a1fdbc7400b244efea7122662c96bfa248c31da5bfb2020" dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -3330,8 +3467,8 @@ dependencies = [ "rasn-ocsp", "rasn-pkix", "readme-rustdocifier", - "reqwest 0.12.8", - "rustls 0.23.15", + "reqwest 0.12.9", + "rustls 0.23.16", "sha1", "tokio", "tokio-util", @@ -3511,7 +3648,7 @@ checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] 
@@ -3678,7 +3815,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033" dependencies = [ "proc-macro2", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -3734,7 +3871,7 @@ dependencies = [ "itertools 0.13.0", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -3793,7 +3930,7 @@ dependencies = [ "quinn-proto", "quinn-udp", "rustc-hash 2.0.0", - "rustls 0.23.15", + "rustls 0.23.16", "socket2", "thiserror", "tokio", @@ -3810,7 +3947,7 @@ dependencies = [ "rand", "ring 0.17.8", "rustc-hash 2.0.0", - "rustls 0.23.15", + "rustls 0.23.16", "slab", "thiserror", "tinyvec", @@ -4099,9 +4236,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.12.8" +version = "0.12.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f713147fbe92361e52392c73b8c9e48c04c6625bce969ef54dc901e58e042a7b" +checksum = "a77c62af46e79de0a562e1a9849205ffcb7fc1238876e9bd743357570e04046f" dependencies = [ "async-compression", "base64 0.22.1", @@ -4126,7 +4263,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.15", + "rustls 0.23.16", "rustls-pemfile 2.2.0", "rustls-pki-types", "serde", @@ -4260,9 +4397,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.15" +version = "0.23.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fbb44d7acc4e873d613422379f69f237a1b141928c02f6bc6ccfddddc2d7993" +checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e" dependencies = [ "aws-lc-rs", "brotli", 
@@ -4354,23 +4491,23 @@ checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" [[package]] name = "rustls-platform-verifier" -version = "0.3.4" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afbb878bdfdf63a336a5e63561b1835e7a8c91524f51621db870169eac84b490" +checksum = "a4c7dc240fec5517e6c4eab3310438636cfe6391dfc345ba013109909a90d136" dependencies = [ "core-foundation", "core-foundation-sys", "jni", "log", "once_cell", - "rustls 0.23.15", + "rustls 0.23.16", "rustls-native-certs 0.7.3", "rustls-platform-verifier-android", "rustls-webpki 0.102.8", "security-framework", "security-framework-sys", - "webpki-roots 0.26.6", - "winapi", + "webpki-root-certs", + "windows-sys 0.52.0", ] [[package]] @@ -4449,14 +4586,13 @@ dependencies = [ [[package]] name = "sealed" -version = "0.5.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4a8caec23b7800fb97971a1c6ae365b6239aaeddfb934d6265f8505e795699d" +checksum = "22f968c5ea23d555e670b449c1c5e7b2fc399fdaec1d304a17cd48e288abc107" dependencies = [ - "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4505,9 +4641,9 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] 
@@ -4533,13 +4669,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4550,7 +4686,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4583,7 +4719,7 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4623,7 +4759,7 @@ dependencies = [ "darling 0.20.10", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4769,7 +4905,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4813,6 +4949,12 @@ dependencies = [ "der", ] +[[package]] +name = "stable_deref_trait" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" + [[package]] name = "stacker" version = "0.1.17" @@ -4876,7 +5018,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -4904,9 +5046,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.85" +version = "2.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56" +checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" dependencies = [ "proc-macro2", "quote", 
@@ -4936,7 +5078,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -5039,22 +5181,22 @@ checksum = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76" [[package]] name = "thiserror" -version = "1.0.65" +version = "1.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" +checksum = "02dd99dc800bbb97186339685293e1cc5d9df1f8fae2d0aecd9ff1c77efea892" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.65" +version = "1.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602" +checksum = "a7c61ec9a6f64d2793d8a45faba21efbe3ced62a886d44c36a009b2b519b4c7e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -5138,6 +5280,16 @@ dependencies = [ "crunchy", ] +[[package]] +name = "tinystr" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" +dependencies = [ + "displaydoc", + "zerovec", +] + [[package]] name = "tinytemplate" version = "1.2.1" @@ -5200,7 +5352,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -5219,7 +5371,7 @@ version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" dependencies = [ - "rustls 0.23.15", + "rustls 0.23.16", "rustls-pki-types", "tokio", ] @@ -5313,6 +5465,7 @@ dependencies = [ "pin-project-lite", "sync_wrapper 0.1.2", "tokio", + "tokio-util", "tower-layer", "tower-service", "tracing", 
@@ -5320,9 +5473,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.5.2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5" +checksum = "8437150ab6bbc8c5f0f519e3d5ed4aa883a83dd4cdd3d1b21f9482936046cb97" dependencies = [ "async-compression", "bitflags 2.6.0", @@ -5330,7 +5483,6 @@ dependencies = [ "futures-core", "http 1.1.0", "http-body 1.0.1", - "http-body-util", "pin-project-lite", "tokio", "tokio-util", @@ -5386,7 +5538,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", ] [[package]] @@ -5570,12 +5722,12 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.2" +version = "2.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" +checksum = "8d157f1b96d14500ffdc1f10ba712e780825526c03d9a49b4d0324b0d9113ada" dependencies = [ "form_urlencoded", - "idna 0.5.0", + "idna 1.0.3", "percent-encoding", ] @@ -5585,6 +5737,18 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" +[[package]] +name = "utf16_iter" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + [[package]] name = "utf8parse" version = "0.2.2" @@ -5679,7 +5843,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", "wasm-bindgen-shared", ] 
@@ -5713,7 +5877,7 @@ checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -5747,6 +5911,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-root-certs" +version = "0.26.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8c6dfa3ac045bc517de14c7b1384298de1dbd229d38e08e169d9ae8c170937c" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "webpki-roots" version = "0.25.4" @@ -6018,6 +6191,18 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "write16" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" + +[[package]] +name = "writeable" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" + [[package]] name = "wyz" version = "0.5.1" @@ -6053,6 +6238,30 @@ dependencies = [ "time", ] +[[package]] +name = "yoke" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5" +dependencies = [ + "serde", + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.87", + "synstructure", +] + [[package]] name = "zerocopy" version = "0.7.35" 
@@ -6071,7 +6280,28 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", +] + +[[package]] +name = "zerofrom" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.87", + "synstructure", ] [[package]] @@ -6091,7 +6321,29 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.87", +] + +[[package]] +name = "zerovec" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.87", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 48e1b80..408f8be 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -5,60 +5,59 @@ description = "HTTP-to-IC gateway" edition = "2021" [dependencies] -ahash = "0.8" -anyhow = "1.0" -arc-swap = "1" +ahash = "0.8.11" +anyhow = "1.0.92" +arc-swap = "1.7.1" async-channel = "2.3.1" -async-trait = "0.1" -axum = "0.7" -axum-extra = "0.9" -backoff = { version = "0.4", features = ["tokio"] } -base64 = "0.22" -bytes = "1.7" -candid = "0.10" -chrono = "0.4" -clap = { version = "4.5", features = ["derive", "string", "env"] } -clap_derive = "4.5" -clickhouse = { version = "0.12.2", features = [ +async-trait = "0.1.83" +axum = "0.7.7" +axum-extra = "0.9.4" +backoff = { version = "0.4.0", features = ["tokio"] } +base64 = "0.22.1" +bytes = "1.8.0" +candid = "0.10.10" +chrono = "0.4.38" +clap = { version = "4.5.20", features = ["derive", "string", "env"] } +clap_derive = "4.5.18" +clickhouse = { version = "0.13.1", features = [ "lz4", "uuid", "time", "inserter", "rustls-tls", ] } -console-subscriber = "0.4" -ctrlc = { version = "3.4", features = ["termination"] } -derive-new = "0.6" -fqdn = "0.3" -futures = "0.3" -futures-util = "0.3" -governor = "0.6.3" -hickory-resolver = { version = "0.24", features = [ +console-subscriber = "0.4.1" +ctrlc = { version = "3.4.5", features = ["termination"] } +derive-new = "0.7.0" +fqdn = "0.4.1" +futures = "0.3.31" +futures-util = "0.3.31" +governor = "0.6.0" # must match tower-governor deps +hickory-resolver = { version = "0.24.1", features = [ "dns-over-https-rustls", "webpki-roots", "dnssec-ring", ] } -hostname = "0.4" -http = "1.1" -http-body = "1.0" -http-body-util = "0.1" -humantime = "2.1" -hyper-util = "0.1" +hostname = "0.4.0" +http = "1.1.0" +http-body = "1.0.1" +http-body-util = "0.1.2" +humantime = "2.1.0" +hyper-util = "0.1.10" ic-agent = { version = "0.37.1", features = ["reqwest"] } -ic-bn-lib = { git = "https://github.com/dfinity/ic-bn-lib", rev = "1aa781275cd958f6148f6ea6a5630f73ab7b2d57" } +ic-bn-lib = { git = "https://github.com/dfinity/ic-bn-lib", rev = 
"526d34d15cfbf369d8baf2dae9932aa18d570a1d" } ic-http-gateway = { git = "https://github.com/dfinity/http-gateway", tag = "0.1.0-b0" } -itertools = "0.13" -lazy_static = "1.5" -maxminddb = "0.24" -mockall = "0.12" -moka = { version = "0.12", features = ["sync", "future"] } -ocsp-stapler = "0.4" -once_cell = "1.19" -parse-size = { version = "1.0", features = ["std"] } -prometheus = "0.13" -rand = "0.8" -regex = "1.10" -reqwest = { version = "0.12.7", default-features = false, features = [ +itertools = "0.13.0" +lazy_static = "1.5.0" +maxminddb = "0.24.0" +mockall = "0.13.0" +moka = { version = "0.12.8", features = ["sync", "future"] } +ocsp-stapler = "0.4.1" +once_cell = "1.20.2" +prometheus = "0.13.4" +rand = "0.8.5" +regex = "1.11.1" +reqwest = { version = "0.12.9", default-features = false, features = [ "http2", "rustls-tls", "deflate", 
@@ -68,43 +67,43 @@ reqwest = { version = "0.12.7", default-features = false, features = [ "json", "stream", ] } -rustls = { version = "0.23.12", features = ["brotli"] } -rustls-platform-verifier = "0.3" -serde = "1.0" -serde_cbor = "0.11" -serde_json = "1.0" -strum = { version = "0.26", features = ["derive"] } -strum_macros = "0.26" -thiserror = "1.0" -tikv-jemallocator = "0.6" -tikv-jemalloc-ctl = { version = "0.6", features = ["stats"] } -time = { version = "0.3", features = ["macros", "serde"] } -tokio = { version = "1.41", features = ["full", "tracing"] } -tokio-util = { version = "0.7.11", features = ["full"] } -tower = "0.4" -tower_governor = "0.4" -tower-http = { version = "0.5", features = ["cors", "compression-full"] } -tower-service = "0.3" -tracing = "0.1" -tracing-core = "0.1" -tracing-serde = "0.1" -tracing-subscriber = { version = "0.3", features = [ +rustls = { version = "0.23.16", features = ["brotli"] } +rustls-platform-verifier = "0.4.0" +serde = "1.0.214" +serde_cbor = "0.11.2" +serde_json = "1.0.132" +strum = { version = "0.26.3", features = ["derive"] } +strum_macros = "0.26.4" +thiserror = "1.0.68" +tikv-jemallocator = "0.6.0" +tikv-jemalloc-ctl = { version = "0.6.0", features = ["stats"] } +time = { version = "0.3.36", features = ["macros", "serde"] } +tokio = { version = "1.41.0", features = ["full", "tracing"] } +tokio-util = { version = "0.7.12", features = ["full"] } +tower = { version = "0.5.1", features = ["limit"] } +tower_governor = "0.4.3" +tower-http = { version = "0.6.1", features = ["cors", "compression-full"] } +tower-service = "0.3.3" +tracing = "0.1.40" +tracing-core = "0.1.32" +tracing-serde = "0.1.3" +tracing-subscriber = { version = "0.3.18", features = [ "env-filter", "fmt", "json", ] } -url = "2.5" -uuid = { version = "1.10", features = ["v7"] } -webpki-roots = "0.26" -x509-parser = "0.16" +url = "2.5.3" +uuid = { version = "1.11.0", features = ["v7"] } +webpki-roots = "0.26.6" +x509-parser = "0.16.0" zstd = "0.13.2" 
[dev-dependencies] -hex-literal = "0.4" -hyper = "1.5" -criterion = { version = "0.5", features = ["async_tokio"] } -httptest = "0.16" -tempfile = "3.10" +hex-literal = "0.4.1" +hyper = "1.5.0" +criterion = { version = "0.5.1", features = ["async_tokio"] } +httptest = "0.16.1" +tempfile = "3.13.0" [profile.release] strip = "symbols" diff --git a/src/cli.rs b/src/cli.rs index 88a25e3..60bfb4d 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -11,9 +11,9 @@ use humantime::parse_duration; use ic_bn_lib::{ http::{ self, - client::CloneableDnsResolver, shed::cli::{ShedSharded, ShedSystem}, }, + parse_size, parse_size_usize, tls::acme, }; use reqwest::Url; @@ -21,17 +21,8 @@ use reqwest::Url; use crate::{ core::{AUTHOR_NAME, SERVICE_NAME}, routing::{domain::CanisterAlias, RequestType}, - tls, }; -fn parse_size(s: &str) -> Result { - parse_size::Config::new().with_binary().parse_size(s) -} - -fn parse_size_usize(s: &str) -> Result { - parse_size(s).map(|x| x as usize) -} - /// Clap does not support prefixes due to macro limitations. /// So the names are a bit redundant (e.g. cli.http_client.http_client_...) to /// make it consistent with env vars naming etc. @@ -40,14 +31,17 @@ fn parse_size_usize(s: &str) -> Result { #[clap(name = SERVICE_NAME)] #[clap(author = AUTHOR_NAME)] pub struct Cli { - #[command(flatten, next_help_heading = "HTTP Client")] - pub http_client: HttpClient, - #[command(flatten, next_help_heading = "DNS Resolver")] pub dns: Dns, + #[command(flatten, next_help_heading = "Listening")] + pub listen: Listen, + + #[command(flatten, next_help_heading = "HTTP Client")] + pub http_client: http::client::cli::HttpClient, + #[command(flatten, next_help_heading = "HTTP Server")] - pub http_server: HttpServer, + pub http_server: http::server::cli::HttpServer, #[command(flatten, next_help_heading = "IC")] pub ic: Ic, 
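Review bot: The `rustls-platform-verifier = "0.4.0"` line is a semver-breaking bump of the crate that decides certificate trust, and it is folded into a refactoring commit without comment. The Cargo.lock part of this patch shows the new release depending on `webpki-root-certs` where 0.3.4 depended on `webpki-roots`, so the roots used for verification may now be sourced differently. I would add a comment such as `# 0.4 replaces webpki-roots with webpki-root-certs (see Cargo.lock); re-check TLS verification tests`, and ideally move the dependency upgrades (`tower` 0.5.1 and `tower-http` 0.6.1 as well) into their own commit. Writing `"1.0.214"` instead of `"1.0"` only raises the minimum version; exact versions are still fixed by Cargo.lock.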
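Review bot: The `listen: Listen` group added to `Cli` renames operator-facing settings without a compatibility path. The `Listen` struct defined further down this file (its hunk runs past the visible part of the patch) replaces `http_server_listen_plain`/`http_server_listen_tls` with `listen_plain`/`listen_tls`, and `#[clap(env, long)]` derives both the flag and the environment variable from the field name. A deployment that still exports the old variable names would presumably start on the defaults `127.0.0.1:8080`/`127.0.0.1:8443` rather than fail, so the rename belongs in the commit description and release notes. The doc comment above `Cli` also needs updating, since its example `cli.http_client.http_client_...` now refers to a struct defined in ic-bn-lib. Because `http_client` and `http_server` now use `http::client::cli::HttpClient` and `http::server::cli::HttpServer`, their timeouts and connection limits come from the pinned `ic-bn-lib` rev and need re-review on every rev bump; the `Cli` struct continues outside this hunk.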
@@ -86,38 +80,6 @@ pub struct Cli { pub shed_latency: ShedSharded, } -#[derive(Args)] -pub struct HttpClient { - /// Timeout for HTTP connection phase - #[clap(env, long, default_value = "5s", value_parser = parse_duration)] - pub http_client_timeout_connect: Duration, - - /// Timeout for a single read request - #[clap(env, long, default_value = "15s", value_parser = parse_duration)] - pub http_client_timeout_read: Duration, - - /// Timeout for the whole HTTP call: this includes connecting, sending request, - /// receiving response etc. - #[clap(env, long, default_value = "60s", value_parser = parse_duration)] - pub http_client_timeout: Duration, - - /// How long to keep idle HTTP connections open - #[clap(env, long, default_value = "120s", value_parser = parse_duration)] - pub http_client_pool_idle: Duration, - - /// TCP Keepalive interval - #[clap(env, long, default_value = "15s", value_parser = parse_duration)] - pub http_client_tcp_keepalive: Duration, - - /// HTTP2 Keepalive interval - #[clap(env, long, default_value = "10s", value_parser = parse_duration)] - pub http_client_http2_keepalive: Duration, - - /// HTTP2 Keepalive timeout - #[clap(env, long, default_value = "5s", value_parser = parse_duration)] - pub http_client_http2_keepalive_timeout: Duration, -} - #[derive(Args)] pub struct Dns { /// List of DNS servers to use 
@@ -138,89 +100,18 @@ pub struct Dns { } #[derive(Args)] -pub struct HttpServer { +pub struct Listen { /// Where to listen for HTTP #[clap(env, long, default_value = "127.0.0.1:8080")] - pub http_server_listen_plain: SocketAddr, + pub listen_plain: SocketAddr, /// Where to listen for HTTPS #[clap(env, long, default_value = "127.0.0.1:8443")] - pub http_server_listen_tls: SocketAddr, - - /// Backlog of incoming connections to set on the listening socket - #[clap(env, long, default_value = "2048")] - pub http_server_backlog: u32, - - /// Maximum number of HTTP requests to serve over a single connection. - /// After this number is reached the connection is gracefully closed. - /// The default is consistent with nginx's `keepalive_requests` parameter. - #[clap(env, long, default_value = "1000")] - pub http_server_max_requests_per_conn: u64, - - /// Timeout for network read calls. - /// If the read call take longer than that - the connection is closed. - /// This effectively closes idle HTTP/1.1 connections. - #[clap(env, long, default_value = "30s", value_parser = parse_duration)] - pub http_server_read_timeout: Duration, - - /// Timeout for network write calls. - /// If the write call take longer than that - the connection is closed. - #[clap(env, long, default_value = "30s", value_parser = parse_duration)] - pub http_server_write_timeout: Duration, - - /// Idle timeout for connections. - /// If no requests are executed during this period - the connections is closed. - /// Mostly needed for HTTP/2 where the read timeout sometimes cannot kick in - /// due to PING frames and other non-request activity. - #[clap(env, long, default_value = "60s", value_parser = parse_duration)] - pub http_server_idle_timeout: Duration, - - /// TLS handshake timeout - #[clap(env, long, default_value = "15s", value_parser = parse_duration)] - pub http_server_tls_handshake_timeout: Duration, - - /// For how long to wait for the client to send headers. - /// Applies only to HTTP1 connections. 
- /// Should be set lower than the global `http_server_read_timeout`. - #[clap(env, long, default_value = "10s", value_parser = parse_duration)] - pub http_server_http1_header_read_timeout: Duration, - - /// For how long to wait for the client to send full request body. - #[clap(env, long, default_value = "60s", value_parser = parse_duration)] - pub http_server_body_read_timeout: Duration, - - /// Maximum number of HTTP2 streams that the client is allowed to create in a single connection - #[clap(env, long, default_value = "128")] - pub http_server_http2_max_streams: u32, - - /// Keepalive interval for HTTP2 connections - #[clap(env, long, default_value = "20s", value_parser = parse_duration)] - pub http_server_http2_keepalive_interval: Duration, - - /// Keepalive timeout for HTTP2 connections - #[clap(env, long, default_value = "10s", value_parser = parse_duration)] - pub http_server_http2_keepalive_timeout: Duration, - - /// How long to wait for the existing connections to finish before shutting down. - /// Also applies to the recycling of connections with `http_server_max_requests_per_conn` option. 
- #[clap(env, long, default_value = "60s", value_parser = parse_duration)] - pub http_server_grace_period: Duration, - - /// Maximum size of cache to store TLS sessions in memory - #[clap(env, long, default_value = "256MB", value_parser = parse_size)] - pub http_server_tls_session_cache_size: u64, - - /// Maximum time that a TLS session key can stay in cache without being requested (Time-to-Idle) - #[clap(env, long, default_value = "18h", value_parser = parse_duration)] - pub http_server_tls_session_cache_tti: Duration, - - /// Lifetime of a TLS1.3 ticket, due to key rotation the actual lifetime will be twice than this - #[clap(env, long, default_value = "9h", value_parser = parse_duration)] - pub http_server_tls_ticket_lifetime: Duration, + pub listen_tls: SocketAddr, /// Option to only serve HTTP instead for testing #[clap(env, long)] - pub http_server_insecure_serve_http_only: bool, + pub listen_insecure_serve_http_only: bool, } #[derive(Args)] @@ -514,18 +405,6 @@ pub struct Vector { #[derive(Args)] pub struct Load { - /// Exponential Weighted Moving Average parameter for load shedding algorithm. - /// Setting this value enables load shedding. - /// Value of 0.1 means that the next measurement would account for 10% of moving average. - /// Should be in range 0..1. - #[clap(env, long)] - pub load_shed_ewma_param: Option, - - /// Target latency for load shedding algorithm in milliseconds. - /// It tries to keep the request latency less than this. - #[clap(env, long, default_value = "1500ms", value_parser = parse_duration)] - pub load_shed_target_latency: Duration, - /// Maximum number of concurrent requests to process. /// If more are coming in - they will be throttled. #[clap(env, long)] 
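Review bot: Renaming `http_server_listen_plain`, `http_server_listen_tls` and `http_server_insecure_serve_http_only` to `listen_*` in the new `Listen` struct also renames the derived `--http-server-*` flags and `HTTP_SERVER_*` environment variables, and nothing in this hunk keeps the old names working. An old flag fails loudly at startup, but an old environment variable is simply ignored, so a deployment that set `HTTP_SERVER_LISTEN_TLS` would fall back to the default `127.0.0.1:8443` without any error. Consider keeping the old flag with `#[clap(env, long, alias = "http-server-listen-tls", default_value = "127.0.0.1:8443")]` (and likewise for the other two fields) and calling out the environment variable rename in the release notes. Whether the library's `HttpServer` arguments still claim any of those names is not visible in this patch.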
@@ -595,40 +474,3 @@ impl From<&Dns> for http::dns::Options { } } } - -impl From<&HttpServer> for http::server::Options { - fn from(c: &HttpServer) -> Self { - Self { - backlog: c.http_server_backlog, - read_timeout: Some(c.http_server_read_timeout), - write_timeout: Some(c.http_server_write_timeout), - idle_timeout: c.http_server_idle_timeout, - tls_handshake_timeout: c.http_server_tls_handshake_timeout, - http1_header_read_timeout: c.http_server_http1_header_read_timeout, - http2_keepalive_interval: c.http_server_http2_keepalive_interval, - http2_keepalive_timeout: c.http_server_http2_keepalive_timeout, - http2_max_streams: c.http_server_http2_max_streams, - grace_period: c.http_server_grace_period, - max_requests_per_conn: Some(c.http_server_max_requests_per_conn), - } - } -} - -impl From<&HttpClient> for http::client::Options { - fn from(c: &HttpClient) -> Self { - Self { - timeout_connect: c.http_client_timeout_connect, - timeout_read: c.http_client_timeout_read, - timeout: c.http_client_timeout, - pool_idle_timeout: Some(c.http_client_pool_idle), - pool_idle_max: None, - tcp_keepalive: Some(c.http_client_tcp_keepalive), - http2_keepalive: Some(c.http_client_http2_keepalive), - http2_keepalive_timeout: c.http_client_http2_keepalive_timeout, - http2_keepalive_idle: false, - user_agent: crate::core::SERVICE_NAME.into(), - tls_config: Some(tls::prepare_client_config()), - dns_resolver: None, - } - } -} diff --git a/src/core.rs b/src/core.rs index 4e30f6d..fc0bc8e 100644 --- a/src/core.rs +++ b/src/core.rs @@ -2,7 +2,7 @@ use std::sync::{Arc, OnceLock}; use anyhow::{anyhow, Context, Error}; use axum::Router; -use ic_bn_lib::{http, tasks::TaskManager, tls::sessions}; +use ic_bn_lib::{http, tasks::TaskManager, tls::prepare_client_config}; use itertools::Itertools; use prometheus::Registry; use tokio_util::sync::CancellationToken; 
@@ -70,8 +70,13 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { // HTTP client let mut http_client_opts: http::client::Options<_> = (&cli.http_client).into(); http_client_opts.dns_resolver = Some(dns_resolver.clone()); - let reqwest_client = http::client::new(http_client_opts.clone())?; - let http_client = Arc::new(http::ReqwestClient::new(http_client_opts)?); + http_client_opts.tls_config = Some(prepare_client_config(&[ + &rustls::version::TLS13, + &rustls::version::TLS12, + ])); + let http_client = Arc::new(http::ReqwestClient::new(http_client_opts.clone())?); + // Bare reqwest client is for now needed for Discovery Library + let reqwest_client = http::client::new(http_client_opts)?; // Event sinks let clickhouse = if cli.log.clickhouse.log_clickhouse_url.is_some() { @@ -97,12 +102,6 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { let handler_token = token.clone(); ctrlc::set_handler(move || handler_token.cancel())?; - // TLS session cache - let tls_session_cache = Arc::new(sessions::Storage::new( - cli.http_server.http_server_tls_session_cache_size, - cli.http_server.http_server_tls_session_cache_tti, - )); - // HTTP server metrics let http_metrics = http::server::Metrics::new(®istry); @@ -129,7 +128,7 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { .await?; // Set up HTTP router (redirecting to HTTPS or serving all endpoints) - let http_router = if !cli.http_server.http_server_insecure_serve_http_only { + let http_router = if !cli.listen.listen_insecure_serve_http_only { Router::new().fallback(routing::redirect_to_https) } else { gateway_router.clone() @@ -137,7 +136,7 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { // Create HTTP server let http_server = Arc::new(http::Server::new( - http::server::Addr::Tcp(cli.http_server.http_server_listen_plain), + http::server::Addr::Tcp(cli.listen.listen_plain), http_router, (&cli.http_server).into(), http_metrics.clone(), 
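Review bot: After this change the outbound client's certificate verification and `user_agent` are decided inside `ic_bn_lib` rather than in this repository. The removed local `From<&HttpClient>` set `user_agent` to `SERVICE_NAME` and built `tls_config` with the platform verifier, while the new code in `main` only overrides `dns_resolver` and `tls_config`. Neither the library's conversion nor its `prepare_client_config` is visible in this patch, so please confirm they keep the same verifier, session resumption and ALPN list, and record it with a comment such as `// certificate verifier, resumption and ALPN come from ic_bn_lib::tls::prepare_client_config`. If the library's default user agent differs, restore it with `http_client_opts.user_agent = SERVICE_NAME.into();`. `main` starts and ends outside the hunk.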
@@ -146,7 +145,7 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { tasks.add("http_server", http_server); // Create HTTPS server - if !cli.http_server.http_server_insecure_serve_http_only { + if !cli.listen.listen_insecure_serve_http_only { // Prepare TLS related stuff let rustls_cfg = tls::setup( cli, @@ -154,14 +153,13 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { domains.clone(), Arc::new(dns_resolver), issuer_certificate_providers, - tls_session_cache.clone(), ®istry, ) .await .context("unable to setup TLS")?; let https_server = Arc::new(http::Server::new( - http::server::Addr::Tcp(cli.http_server.http_server_listen_tls), + http::server::Addr::Tcp(cli.listen.listen_tls), gateway_router, (&cli.http_server).into(), http_metrics.clone(), @@ -172,7 +170,7 @@ pub async fn main(cli: &Cli) -> Result<(), Error> { // Setup metrics if let Some(addr) = cli.metrics.metrics_listen { - let router = metrics::setup(®istry, tls_session_cache, &mut tasks); + let router = metrics::setup(®istry, &mut tasks); let srv = Arc::new(http::Server::new( http::server::Addr::Tcp(addr), diff --git a/src/metrics/mod.rs b/src/metrics/mod.rs index b58c7a4..cf46448 100644 --- a/src/metrics/mod.rs +++ b/src/metrics/mod.rs @@ -24,7 +24,6 @@ use ic_bn_lib::{ server::{ConnInfo, TlsInfo}, }, tasks::TaskManager, - tls::sessions, }; use prometheus::{ register_histogram_vec_with_registry, register_int_counter_vec_with_registry, HistogramVec, 
@@ -55,17 +54,9 @@ pub const HTTP_DURATION_BUCKETS: &[f64] = &[0.05, 0.2, 1.0, 2.0]; pub const HTTP_REQUEST_SIZE_BUCKETS: &[f64] = &[128.0, KB, 2.0 * KB, 4.0 * KB, 8.0 * KB]; pub const HTTP_RESPONSE_SIZE_BUCKETS: &[f64] = &[1.0 * KB, 8.0 * KB, 64.0 * KB, 256.0 * KB]; -pub fn setup( - registry: &Registry, - tls_session_cache: Arc, - tasks: &mut TaskManager, -) -> Router { +pub fn setup(registry: &Registry, tasks: &mut TaskManager) -> Router { let cache = Arc::new(runner::MetricsCache::new()); - let runner = Arc::new(runner::MetricsRunner::new( - cache.clone(), - registry, - tls_session_cache, - )); + let runner = Arc::new(runner::MetricsRunner::new(cache.clone(), registry)); tasks.add("metrics_runner", runner); Router::new() diff --git a/src/metrics/runner.rs b/src/metrics/runner.rs index d775bd1..4094c60 100644 --- a/src/metrics/runner.rs +++ b/src/metrics/runner.rs @@ -8,7 +8,7 @@ use arc_swap::ArcSwap; use axum::{async_trait, extract::State, response::IntoResponse}; use bytes::{BufMut, Bytes, BytesMut}; use http::header::CONTENT_TYPE; -use ic_bn_lib::{tasks::Run, tls::sessions}; +use ic_bn_lib::tasks::Run; use prometheus::{register_int_gauge_with_registry, Encoder, IntGauge, Registry, TextEncoder}; use tikv_jemalloc_ctl::{epoch, stats}; use tokio::select; @@ -33,23 +33,16 @@ impl MetricsCache { pub struct MetricsRunner { metrics_cache: Arc, registry: Registry, - tls_session_cache: Arc, encoder: TextEncoder, // Metrics mem_allocated: IntGauge, mem_resident: IntGauge, - tls_session_cache_count: IntGauge, - tls_session_cache_size: IntGauge, } // Snapshots & encodes the metrics for the handler to export impl MetricsRunner { - pub fn new( - metrics_cache: Arc, - registry: &Registry, - tls_session_cache: Arc, - ) -> Self { + pub fn new(metrics_cache: Arc, registry: &Registry) -> Self { let mem_allocated = register_int_gauge_with_registry!( format!("memory_allocated"), format!("Allocated memory in bytes"), 
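Review bot: `setup` no longer receives the TLS session cache, and the `tls_session_cache_count` and `tls_session_cache_size` gauges registered in `MetricsRunner::new` are deleted in the same commit, so this binary stops exporting them itself. `prepare_server_config` also receives `registry`, so the library may register equivalents, but that is not visible here. Please confirm the metric names are unchanged, or note the rename for dashboards and alerts. Once confirmed, a short comment on `setup` such as `// TLS session cache metrics are registered by ic_bn_lib` would record where they went.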
@@ -64,29 +57,12 @@ impl MetricsRunner { ) .unwrap(); - let tls_session_cache_count = register_int_gauge_with_registry!( - format!("tls_session_cache_count"), - format!("Number of TLS sessions in the cache"), - registry - ) - .unwrap(); - - let tls_session_cache_size = register_int_gauge_with_registry!( - format!("tls_session_cache_size"), - format!("Size of TLS sessions in the cache"), - registry - ) - .unwrap(); - Self { metrics_cache, registry: registry.clone(), - tls_session_cache, encoder: TextEncoder::new(), mem_allocated, mem_resident, - tls_session_cache_count, - tls_session_cache_size, } } } @@ -100,11 +76,6 @@ impl MetricsRunner { self.mem_resident .set(stats::resident::read().unwrap() as i64); - // Record TLS session stats - let stats = self.tls_session_cache.stats(); - self.tls_session_cache_count.set(stats.entries as i64); - self.tls_session_cache_size.set(stats.size as i64); - // Get a snapshot of metrics let metric_families = self.registry.gather(); diff --git a/src/routing/mod.rs b/src/routing/mod.rs index d550c0b..219d40e 100644 --- a/src/routing/mod.rs +++ b/src/routing/mod.rs @@ -128,8 +128,8 @@ impl RequestCtx { #[derive(Clone, Debug)] struct RequestTypeExtractor; impl TypeExtractor for RequestTypeExtractor { - type Request = Request; type Type = RequestType; + type Request = Request; fn extract(&self, req: &Self::Request) -> Option { req.extensions() diff --git a/src/tls/mod.rs b/src/tls/mod.rs index 2559b37..43a80ab 100644 --- a/src/tls/mod.rs +++ b/src/tls/mod.rs @@ -3,13 +3,14 @@ pub mod resolver; use std::{fs, sync::Arc}; -use anyhow::{anyhow, Context, Error}; +use anyhow::{anyhow, bail, Context, Error}; use async_trait::async_trait; use fqdn::FQDN; use ic_bn_lib::{ - http::{dns::Resolves, ALPN_ACME, ALPN_H1, ALPN_H2}, + http::{dns::Resolves, ALPN_ACME}, tasks::{Run, TaskManager}, tls::{ + self, acme::{ self, dns::{AcmeDns, DnsBackend, DnsManager, TokenManagerDns}, 
@@ -21,12 +22,7 @@ use ic_bn_lib::{ }; use ocsp_stapler::Stapler; use prometheus::Registry; -use rustls::{ - client::{ClientConfig, ClientSessionMemoryCache, Resumption}, - server::{ResolvesServerCert as ResolvesServerCertRustls, ServerConfig, StoresServerSessions}, - version::{TLS12, TLS13}, -}; -use rustls_platform_verifier::Verifier; +use rustls::server::{ResolvesServerCert as ResolvesServerCertRustls, ServerConfig}; use tokio_util::sync::CancellationToken; use crate::{ @@ -51,33 +47,6 @@ impl Run for OcspStaplerWrapper { } } -pub fn prepare_client_config() -> ClientConfig { - // Use a custom certificate verifier from rustls project that is more secure. - // It also checks OCSP revocation, though OCSP support for Linux platform for now seems be no-op. - // https://github.com/rustls/rustls-platform-verifier/issues/99 - - // new_with_extra_roots() method isn't available on MacOS, see - // https://github.com/rustls/rustls-platform-verifier/issues/58 - #[cfg(not(target_os = "macos"))] - let verifier = Arc::new(Verifier::new_with_extra_roots( - webpki_roots::TLS_SERVER_ROOTS.to_vec(), - )); - #[cfg(target_os = "macos")] - let verifier = Arc::new(Verifier::new()); - - let mut cfg = ClientConfig::builder_with_protocol_versions(&[&TLS13, &TLS12]) - .dangerous() // Nothing really dangerous here - .with_custom_certificate_verifier(verifier) - .with_no_client_auth(); - - // Session resumption - let store = ClientSessionMemoryCache::new(2048); - cfg.resumption = Resumption::store(Arc::new(store)); - cfg.alpn_protocols = vec![ALPN_H2.to_vec(), ALPN_H1.to_vec()]; - - cfg -} - async fn setup_acme( cli: &Cli, tasks: &mut TaskManager, @@ -137,7 +106,6 @@ pub async fn setup( domains: Vec, dns_resolver: Arc, custom_domain_providers: Vec>, - tls_session_storage: Arc, registry: &Registry, ) -> Result { // Prepare certificate storage 
@@ -164,9 +132,7 @@ pub async fn setup( }; if acme_resolver.is_none() && cert_providers.is_empty() { - return Err(anyhow!( - "No ACME or certificate providers specified - HTTPS cannot be used" - )); + bail!("No ACME or certificate providers specified - HTTPS cannot be used"); } // Create certificate aggregator that combines all providers @@ -197,21 +163,15 @@ pub async fn setup( stapler }; - let alpn = if cli.acme.acme_challenge == Some(Challenge::Alpn) { + let mut tls_opts: tls::Options = (&cli.http_server).into(); + tls_opts.tls_versions = vec![&rustls::version::TLS13, &rustls::version::TLS12]; + tls_opts.additional_alpn = if cli.acme.acme_challenge == Some(Challenge::Alpn) { vec![ALPN_ACME.to_vec()] } else { vec![vec![]] }; // Generate Rustls config - let config = prepare_server_config( - certificate_resolver, - tls_session_storage, - &alpn, - cli.http_server.http_server_tls_ticket_lifetime, - &[&rustls::version::TLS13, &rustls::version::TLS12], - registry, - ); - + let config = prepare_server_config(tls_opts, certificate_resolver, registry); Ok(config) }
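Review bot: The `else` branch of `tls_opts.additional_alpn` yields `vec![vec![]]`, a list holding one empty protocol name, rather than an empty list. ALPN protocol names must be non-empty (RFC 7301), and how `prepare_server_config` merges `additional_alpn` into the server's ALPN list is not visible here, so the empty entry may end up in that list. This was carried over from the old `alpn` variable; `} else { vec![] };` expresses "no extra protocols" directly. `setup` starts outside the hunk.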